CVE-2025-0219

MEDIUM EPSS 21.5%

Published Jan 5, 20251y ago · Modified Jun 17, 20261w ago

5.1 CVSS 4.0

Medium

Published Jan 5, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability, which was classified as problematic, has been found in Trimble SPS851 488.01. Affected by this issue is some unknown functionality of the component Receiver Status Identity Tab. The manipulation of the argument System Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

Base Score

5.1

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required High

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

21.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-79 Cross-site Scripting Injection

CWE-94 Improper Control of Generation of Code (Code Injection) Injection

References 3

vuldb.com https://vuldb.com/?ctiid.290198
vuldb.com https://vuldb.com/?id.290198
vuldb.com https://vuldb.com/?submit.464906

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.